Hello, Fix interaction between root zone and global forwarders.
Finally the following priority order should be respected in all circumstances: - root zone (highest priority) - server config in LDAP - global config in LDAP - named.conf https://fedorahosted.org/bind-dyndb-ldap/ticket/165 This patch and all previous patches can be found in my Github repo in branch server_config_in_ldap3. -- Petr^2 Spacek
From 65809c64bc21994d663780607f6a0bfe11c44e26 Mon Sep 17 00:00:00 2001 From: Petr Spacek <pspa...@redhat.com> Date: Wed, 8 Jun 2016 15:18:07 +0200 Subject: [PATCH] Fix interaction between root zone and global forwarders. Finally the following priority order should be respected in all circumstances: - root zone (highest priority) - server config in LDAP - global config in LDAP - named.conf https://fedorahosted.org/bind-dyndb-ldap/ticket/165 --- src/fwd.c | 36 ++++++++++++++++++++++++++++++++++++ src/fwd.h | 4 ++++ src/ldap_helper.c | 16 ++++++++-------- src/ldap_helper.h | 2 ++ 4 files changed, 50 insertions(+), 8 deletions(-) diff --git a/src/fwd.c b/src/fwd.c index ba3e59ab107afeabc66cd8ae833bafbd0e13c89e..1f6a9e5d922d6a14dec88e04d41ad911f2dfd389 100644 --- a/src/fwd.c +++ b/src/fwd.c @@ -18,6 +18,7 @@ #include "ldap_helper.h" #include "lock.h" #include "settings.h" +#include "zone_register.h" const enum_txt_assoc_t forwarder_policy_txts[] = { { dns_fwdpolicy_none, "none" }, 
@@ -675,3 +676,38 @@ fwd_delete_table(dns_view_t *view, dns_name_t *name, return ISC_R_SUCCESS; /* ISC_R_NOTFOUND = nothing to delete */ } } + +/** + * Reconfigure global forwarder using latest configuration in priority order: + * - root zone (if it is active) + * - server LDAP config + * - global LDAP config (inheritance is handled by settings tree) + * - named.conf (inheritance is handled by settings tree) + */ +isc_result_t +fwd_reconfig_global(ldap_instance_t *inst) { + isc_result_t result; + settings_set_t *toplevel_settings = NULL; + isc_boolean_t root_zone_is_active = ISC_FALSE; + + /* we have to respect forwarding configuration for root zone */ + result = zr_get_zone_settings(ldap_instance_getzr(inst), dns_rootname, + &toplevel_settings); + if (result == ISC_R_SUCCESS) + /* is root zone active? */ + CHECK(setting_get_bool("active", toplevel_settings, + &root_zone_is_active)); + else if (result != ISC_R_NOTFOUND) + goto cleanup; + + if (root_zone_is_active == ISC_FALSE) + toplevel_settings = ldap_instance_getsettings_server(inst); + + CHECK(fwd_configure_zone(toplevel_settings, inst, dns_rootname)); + if (result != ISC_R_SUCCESS) + log_error_r("global forwarder could not be set up using %s", + toplevel_settings->name); + +cleanup: + return result; +} diff --git a/src/fwd.h b/src/fwd.h index d1d0f5c491f61890a6cdf80f85b5277577acce47..8416d9578215e4fab562240026f1a532c6ac8e81 100644 --- a/src/fwd.h +++ b/src/fwd.h @@ -34,4 +34,8 @@ fwd_delete_table(dns_view_t *view, dns_name_t *name, const char *msg_obj_type, const char *logname) ATTR_NONNULLS ATTR_CHECKRESULT; +isc_result_t +fwd_reconfig_global(ldap_instance_t *inst) + ATTR_NONNULLS ATTR_CHECKRESULT; + #endif /* _LD_FWD_H_ */ diff --git a/src/ldap_helper.c b/src/ldap_helper.c index 7f8774079cc11f13b31d77fe3e6e262f97443603..081fa37ee4c5b0c6a52339114c8892071c261a40 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c 
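Review bot: In `fwd_reconfig_global` the `if (result != ISC_R_SUCCESS) log_error_r(...)` that follows `CHECK(fwd_configure_zone(...))` looks unreachable on failure. `CHECK` is defined outside this patch, but its use alongside the `cleanup:` label suggests it jumps there on any non-success result, so the error message would never be emitted. A failed forwarder reconfiguration would then leave the previous forwarding policy in effect with nothing in the log to show which settings set was rejected. Assign the result directly instead, `result = fwd_configure_zone(toplevel_settings, inst, dns_rootname);`, so the log call runs before control falls through to `cleanup`.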
@@ -1418,10 +1418,7 @@ ldap_parse_configentry(ldap_entry_t *entry, ldap_instance_t *inst) result = fwd_parse_ldap(entry, inst->global_settings); if (result == ISC_R_SUCCESS) { - result = fwd_configure_zone(inst->global_settings, inst, - dns_rootname); - if (result != ISC_R_SUCCESS) - log_error_r("global forwarder could not be set up"); + CHECK(fwd_reconfig_global(inst)); } else if (result != ISC_R_IGNORE) goto cleanup; @@ -1458,10 +1455,7 @@ ldap_parse_serverconfigentry(ldap_entry_t *entry, ldap_instance_t *inst) result = fwd_parse_ldap(entry, inst->server_ldap_settings); if (result == ISC_R_SUCCESS) { - result = fwd_configure_zone(inst->server_ldap_settings, inst, - dns_rootname); - if (result != ISC_R_SUCCESS) - log_error_r("global forwarder could not be set up"); + CHECK(fwd_reconfig_global(inst)); } else if (result != ISC_R_IGNORE) goto cleanup; @@ -4453,6 +4447,12 @@ ldap_instance_getsettings_local(ldap_instance_t *ldap_inst) return ldap_inst->local_settings; } +settings_set_t * +ldap_instance_getsettings_server(ldap_instance_t *ldap_inst) +{ + return ldap_inst->server_ldap_settings; +} + const char * ldap_instance_getdbname(ldap_instance_t *ldap_inst) { diff --git a/src/ldap_helper.h b/src/ldap_helper.h index 1d691a29a06db645acb3979a1425df9ecb8577d7..0368ec7343ef7b16e7afb25b17f3067bf7c09f76 100644 --- a/src/ldap_helper.h +++ b/src/ldap_helper.h @@ -78,6 +78,8 @@ ldap_mod_free(isc_mem_t *mctx, LDAPMod **changep); settings_set_t * ldap_instance_getsettings_local(ldap_instance_t *ldap_inst) ATTR_NONNULLS; +settings_set_t * ldap_instance_getsettings_server(ldap_instance_t *ldap_inst) ATTR_NONNULLS; + const char * ldap_instance_getdbname(ldap_instance_t *ldap_inst) ATTR_NONNULLS; zone_register_t * ldap_instance_getzr(ldap_instance_t *ldap_inst) ATTR_NONNULLS; -- 2.5.5
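Review bot: Replacing the old log-and-continue handling with `CHECK(fwd_reconfig_global(inst));` in `ldap_parse_configentry` appears to change the failure mode. Assuming `CHECK` jumps to `cleanup` on failure, a forwarder error now skips whatever the function processes after this point, where the removed code only logged it. The same applies to the `ldap_parse_serverconfigentry` hunk. If a rejected forwarder value should not block the rest of the config entry, keep the call non-fatal with `result = fwd_reconfig_global(inst);` and a log on failure; otherwise add a comment such as `/* forwarder failure aborts processing of this entry */` to record that the abort is intended. Both function bodies continue outside the hunks, so the code that would be skipped is not visible here.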